The UK’s Criminal Records Bureau (CRB) and the Identity and Passport Service (IPS) have completed a trial with 96% of passport holders and 87% of ID Card Holders (not real ones, trial ones, the first cards won’t be issued until 2009) marking it as a great success. You can read about it here: http://www.silicon.com/publicsector/0,3800010403,39168609,00.htm?r=2
I have personal experience of the old system. I volunteered as a helper at my son’s scout troop (well, beaver cubs actually) and had to undergo a CRB check before I’d be permitted to work with children. I had to fill out a form with biographical information to identify me, and put my passport number on the form. I then had to take the form along to the lady who runs the troop. It was her job to check the photograph on the form matched my face, and then, most importantly, to check that the passport number on the form matched the one in my passport. A 2-way binding, if you will. Me-to-passport via photograph. And passport-to-form via passport number. In fact, she got distracted as she flicked through it by the number of country entry stamps and visas in it. If you only ever do European travel, you are unlikely to ever get a stamp in your passport if you live here. So for an unseasoned traveller to see a passport full of them was, for her, unusual. Long-haul travel invariably results in a stamped passport; however, she showed her naivety in this area by saying “they never stamp mine – they always just wave me through”. It distracted her enough that I don’t believe she did a proper check that the number on my passport matched the number on the form. A human failure. But also, her relative lack of sophistication with the whole passport scenario-thing makes me ask myself – how bad a fake could I have passed off to her, and ended up with a clean CRB record? She clearly had so little experience in handling passports that the system is now quite riddled with holes.
For the record, I do not have an entry on the CRB. But if I did, I could have easily circumvented the current system.
The trial involved a mixture of online and physical presence. I suspect more than anything, it is the mixture of technology (in the online environment), convenience (you can forget your identity documents, but still proceed, at home) and physical presence (you have to visit a registration agent) that makes this system a success.
I think it can be improved by looking in particular at 2 of Kim Cameron’s Laws of Identity: Human Integration and Consistent Experience Across Contexts. The user would use an online system that includes the human as a component of the system (an Identity Selector), and that also provides a consistent login experience, no matter if they are logging in to the CRB system, the IPS service or their favourite music download site. If the experience is ALWAYS the same when they log in, any anomaly can immediately be thought of as suspicious. This would certainly help in these cases where the consequences of getting it wrong are so dramatic.